cognito-srp-helper
Version:
A helper for SRP authentication in AWS Cognito
6 lines (5 loc) • 11 kB
JavaScript
var fe=Object.create;var _=Object.defineProperty;var Ae=Object.getOwnPropertyDescriptor;var Ce=Object.getOwnPropertyNames;var Se=Object.getPrototypeOf,Be=Object.prototype.hasOwnProperty;var U=(t,e)=>{for(var s in e)_(t,s,{get:e[s],enumerable:!0})},j=(t,e,s,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let n of Ce(e))!Be.call(t,n)&&n!==s&&_(t,n,{get:()=>e[n],enumerable:!(r=Ae(e,n))||r.enumerable});return t};var J=(t,e,s)=>(s=t!=null?fe(Se(t)):{},j(e||!t||!t.__esModule?_(s,"default",{value:t,enumerable:!0}):s,t)),Re=t=>j(_({},"__esModule",{value:!0}),t);var be={};U(be,{AbortOnZeroASrpError:()=>x,AbortOnZeroBSrpError:()=>C,AbortOnZeroSrpError:()=>A,AbortOnZeroUSrpError:()=>b,MissingChallengeResponsesError:()=>h,MissingDeviceKeyError:()=>F,MissingLargeBError:()=>f,MissingSaltError:()=>u,MissingSecretError:()=>m,MissingUserIdForSrpBError:()=>E,SignSrpSessionError:()=>d,createDeviceVerifier:()=>ie,createPasswordHash:()=>Y,createSecretHash:()=>oe,createSrpSession:()=>ce,default:()=>xe,signSrpSession:()=>le,signSrpSessionWithDevice:()=>ge,wrapAuthChallenge:()=>de,wrapInitiateAuth:()=>pe});module.exports=Re(be);var Z={};U(Z,{createDeviceVerifier:()=>ie,createPasswordHash:()=>Y,createSecretHash:()=>oe,createSrpSession:()=>ce,signSrpSession:()=>le,signSrpSessionWithDevice:()=>ge,wrapAuthChallenge:()=>de,wrapInitiateAuth:()=>pe});var o=require("buffer/index.js"),l=J(require("crypto-js"),1),a=require("jsbn");var z=require("buffer/index.js"),V=require("jsbn");var N=require("buffer/index.js"),v=J(require("crypto-js"),1),T=require("jsbn");var O=t=>{let e=t instanceof N.Buffer?v.default.lib.WordArray.create(t):t,s=v.default.SHA256(e).toString();return new Array(64-s.length).join("0")+s},R=t=>O(N.Buffer.from(t,"hex")),p=t=>{if(!(t instanceof T.BigInteger))throw new Error("Not a BigInteger");let e=t.compareTo(T.BigInteger.ZERO)<0,s=t.abs().toString(16);if(s=s.length%2!==0?`0${s}`:s,s=/^[89a-f]/i.test(s)?`00${s}`:s,e){let n=s.split("").map(c=>{let g=~parseInt(c,16)&15;return"0123456789ABCDEF".charAt(g)}).join("");s=new T.BigInteger(n,16).add(T.BigInteger.ONE).toString(16),s.toUpperCase().startsWith("FF8")&&(s=s.substring(2))}return s},L=t=>N.Buffer.from(v.default.lib.WordArray.random(t).toString(),"hex"),M=t=>{if(t.length%2!==0)throw new Error("Hex encoded strings must have an even number length");let e=new Uint8Array(t.length/2);for(let s=0;s<t.length;s+=2){let r=t.slice(s,s+2).toLowerCase();if(r in X)e[s/2]=X[r];else throw new Error(`Cannot decode unrecognized sequence ${r} as hexadecimal`)}return e};var Q=z.Buffer.from("Caldera Derived Key","utf8"),H=new V.BigInteger("2",16),w=new V.BigInteger("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",16),ee=new V.BigInteger(R(`${p(w)}${p(H)}`),16),X={"00":0,"01":1,"02":2,"03":3,"04":4,"05":5,"06":6,"07":7,"08":8,"09":9,"0a":10,"0b":11,"0c":12,"0d":13,"0e":14,"0f":15,10:16,11:17,12:18,13:19,14:20,15:21,16:22,17:23,18:24,19:25,"1a":26,"1b":27,"1c":28,"1d":29,"1e":30,"1f":31,20:32,21:33,22:34,23:35,24:36,25:37,26:38,27:39,28:40,29:41,"2a":42,"2b":43,"2c":44,"2d":45,"2e":46,"2f":47,30:48,31:49,32:50,33:51,34:52,35:53,36:54,37:55,38:56,39:57,"3a":58,"3b":59,"3c":60,"3d":61,"3e":62,"3f":63,40:64,41:65,42:66,43:67,44:68,45:69,46:70,47:71,48:72,49:73,"4a":74,"4b":75,"4c":76,"4d":77,"4e":78,"4f":79,50:80,51:81,52:82,53:83,54:84,55:85,56:86,57:87,58:88,59:89,"5a":90,"5b":91,"5c":92,"5d":93,"5e":94,"5f":95,60:96,61:97,62:98,63:99,64:100,65:101,66:102,67:103,68:104,69:105,"6a":106,"6b":107,"6c":108,"6d":109,"6e":110,"6f":111,70:112,71:113,72:114,73:115,74:116,75:117,76:118,77:119,78:120,79:121,"7a":122,"7b":123,"7c":124,"7d":125,"7e":126,"7f":127,80:128,81:129,82:130,83:131,84:132,85:133,86:134,87:135,88:136,89:137,"8a":138,"8b":139,"8c":140,"8d":141,"8e":142,"8f":143,90:144,91:145,92:146,93:147,94:148,95:149,96:150,97:151,98:152,99:153,"9a":154,"9b":155,"9c":156,"9d":157,"9e":158,"9f":159,a0:160,a1:161,a2:162,a3:163,a4:164,a5:165,a6:166,a7:167,a8:168,a9:169,aa:170,ab:171,ac:172,ad:173,ae:174,af:175,b0:176,b1:177,b2:178,b3:179,b4:180,b5:181,b6:182,b7:183,b8:184,b9:185,ba:186,bb:187,bc:188,bd:189,be:190,bf:191,c0:192,c1:193,c2:194,c3:195,c4:196,c5:197,c6:198,c7:199,c8:200,c9:201,ca:202,cb:203,cc:204,cd:205,ce:206,cf:207,d0:208,d1:209,d2:210,d3:211,d4:212,d5:213,d6:214,d7:215,d8:216,d9:217,da:218,db:219,dc:220,dd:221,de:222,df:223,e0:224,e1:225,e2:226,e3:227,e4:228,e5:229,e6:230,e7:231,e8:232,e9:233,ea:234,eb:235,ec:236,ed:237,ee:238,ef:239,f0:240,f1:241,f2:242,f3:243,f4:244,f5:245,f6:246,f7:247,f8:248,f9:249,fa:250,fb:251,fc:252,fd:253,fe:254,ff:255};var G={};U(G,{AbortOnZeroASrpError:()=>x,AbortOnZeroBSrpError:()=>C,AbortOnZeroSrpError:()=>A,AbortOnZeroUSrpError:()=>b,MissingChallengeResponsesError:()=>h,MissingDeviceKeyError:()=>F,MissingLargeBError:()=>f,MissingSaltError:()=>u,MissingSecretError:()=>m,MissingUserIdForSrpBError:()=>E,SignSrpSessionError:()=>d});var d=class extends Error{constructor(e="Could not sign SRP session"){super(e)}},h=class extends d{constructor(e="Could not sign SRP session because of missing or undefined ChallengeResponses in response"){super(e)}},u=class extends d{constructor(e="Could not sign SRP session because of missing or undefined SALT in response.ChallengeResponses"){super(e)}},m=class extends d{constructor(e="Could not sign SRP session because of missing or undefined SECRET_BLOCK in response.ChallengeResponses"){super(e)}},f=class extends d{constructor(e="Could not sign SRP session because of missing or undefined SRP_B in response.ChallengeResponses"){super(e)}},E=class extends d{constructor(e="Could not sign SRP session because of missing or undefined USER_ID_FOR_SRP in response.ChallengeResponses"){super(e)}},F=class extends d{constructor(e="Could not sign SRP session because of missing or undefined DEVICE_KEY in response.ChallengeResponses"){super(e)}},A=class extends Error{constructor(e="Aborting SRP due to 0 value"){super(e)}},x=class extends A{constructor(e="Aborting SRP due to 0 value received for client public key (A)"){super(e)}},C=class extends A{constructor(e="Aborting SRP due to 0 value received for server public key (B)"){super(e)}},b=class extends A{constructor(e="Aborting SRP due to 0 value received for public key hash (u)"){super(e)}};var we=()=>{let t=L(128).toString("hex");return new a.BigInteger(t,16)},Ee=t=>{let e=H.modPow(t,w);if(e.equals(a.BigInteger.ZERO))throw new x;return e},te=(t,e)=>{let s=l.default.lib.WordArray.create(o.Buffer.concat([Q,o.Buffer.from("","utf8")])),r=t instanceof o.Buffer?l.default.lib.WordArray.create(t):t,n=e instanceof o.Buffer?l.default.lib.WordArray.create(e):e,i=l.default.HmacSHA256(r,n),c=l.default.HmacSHA256(s,i);return o.Buffer.from(c.toString(),"hex").slice(0,16)},se=(t,e)=>{let s=R(p(t)+p(e)),r=new a.BigInteger(s,16);if(r.equals(a.BigInteger.ZERO))throw new b;return r},re=(t,e,s,r)=>{let n=H.modPow(t,w);return e.subtract(ee.multiply(n)).modPow(s.add(r.multiply(t)),w)},ne=(t,e)=>new a.BigInteger(R(p(t)+e),16),Fe=()=>{let t=new Date,e="en-US",s="UTC",r=t.toLocaleString(e,{timeZone:s,weekday:"short"}),n=t.toLocaleString(e,{day:"numeric",timeZone:s}),i=t.toLocaleString(e,{month:"short",timeZone:s}),c=t.getUTCFullYear(),g=t.toLocaleString(e,{hour:"2-digit",hourCycle:"h23",minute:"2-digit",second:"2-digit",timeZone:s});return`${r} ${i} ${n} ${g} UTC ${c}`},oe=(t,e,s)=>l.default.HmacSHA256(`${t}${e}`,s).toString(l.default.enc.Base64),Y=(t,e,s)=>{let n=`${s.split("_")[1]}${t}:${e}`;return O(n)},ae=(t,e,s)=>{let r=`${s}${t}:${e}`;return O(r)},ie=(t,e)=>{let s=L(40).toString("base64"),r=ae(t,s,e),n=L(16).toString("hex"),i=p(new a.BigInteger(n,16)),c=M(i),g=o.Buffer.from(c).toString("base64"),S=R(i+r),D=H.modPow(new a.BigInteger(S,16),w),y=p(D),I=M(y),B=o.Buffer.from(I).toString("base64");return{DeviceRandomPassword:s,DeviceSecretVerifierConfig:{PasswordVerifier:B,Salt:g}}},ce=(t,e,s,r=!0)=>{let n=s.split("_")[1],i=Fe(),c=we(),g=Ee(c);return{username:t,poolId:s,poolIdAbbr:n,password:e,isHashed:r,timestamp:i,smallA:c.toString(16),largeA:g.toString(16)}},le=(t,e)=>{if(!e.ChallengeParameters)throw new h;if(!e.ChallengeParameters.SALT)throw new u;if(!e.ChallengeParameters.SECRET_BLOCK)throw new m;if(!e.ChallengeParameters.SRP_B)throw new f;if(!e.ChallengeParameters.USER_ID_FOR_SRP)throw new E;let{SALT:s,SECRET_BLOCK:r,SRP_B:n,USER_ID_FOR_SRP:i}=e.ChallengeParameters,{poolId:c,poolIdAbbr:g,password:S,isHashed:D,timestamp:y,smallA:I,largeA:B}=t;if(n.replace(/^0+/,"")==="")throw new C;let $=D?S:Y(i,S,c),P=se(new a.BigInteger(B,16),new a.BigInteger(n,16)),q=ne(new a.BigInteger(s,16),$),W=re(q,new a.BigInteger(n,16),new a.BigInteger(I,16),P),k=te(o.Buffer.from(p(W),"hex"),o.Buffer.from(p(P),"hex")),K=l.default.lib.WordArray.create(k),ue=l.default.lib.WordArray.create(o.Buffer.concat([o.Buffer.from(g,"utf8"),o.Buffer.from(i,"utf8"),o.Buffer.from(r,"base64"),o.Buffer.from(y,"utf8")])),me=l.default.enc.Base64.stringify(l.default.HmacSHA256(ue,K));return{...t,salt:s,secret:r,largeB:n,passwordSignature:me}},ge=(t,e,s,r)=>{if(!e.ChallengeParameters)throw new h;if(!e.ChallengeParameters.SALT)throw new u;if(!e.ChallengeParameters.SECRET_BLOCK)throw new m;if(!e.ChallengeParameters.SRP_B)throw new f;if(!e.ChallengeParameters.DEVICE_KEY)throw new F;let{DEVICE_KEY:n,SALT:i,SECRET_BLOCK:c,SRP_B:g}=e.ChallengeParameters,{timestamp:S,smallA:D,largeA:y}=t;if(g.replace(/^0+/,"")==="")throw new C;let I=ae(n,r,s),B=se(new a.BigInteger(y,16),new a.BigInteger(g,16)),$=ne(new a.BigInteger(i,16),I),P=re($,new a.BigInteger(g,16),new a.BigInteger(D,16),B),q=te(o.Buffer.from(p(P),"hex"),o.Buffer.from(p(B),"hex")),W=l.default.lib.WordArray.create(q),k=l.default.lib.WordArray.create(o.Buffer.concat([o.Buffer.from(s,"utf8"),o.Buffer.from(n,"utf8"),o.Buffer.from(c,"base64"),o.Buffer.from(S,"utf8")])),K=l.default.enc.Base64.stringify(l.default.HmacSHA256(k,W));return{...t,salt:i,secret:c,largeB:g,passwordSignature:K}},pe=(t,e)=>({...e,AuthParameters:{...e.AuthParameters,SRP_A:t.largeA}}),de=(t,e)=>({...e,ChallengeResponses:{...e.ChallengeResponses,PASSWORD_CLAIM_SECRET_BLOCK:t.secret,PASSWORD_CLAIM_SIGNATURE:t.passwordSignature,SRP_A:t.largeA,TIMESTAMP:t.timestamp}});var he={};var xe={...Z,...G,...he};
/*!
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0
*/